{"id":6873,"date":"2020-09-09T23:22:23","date_gmt":"2020-09-09T20:22:23","guid":{"rendered":"https:\/\/kifarunix.com\/?p=6873"},"modified":"2024-03-14T22:59:38","modified_gmt":"2024-03-14T19:59:38","slug":"install-and-configure-apt-caching-server-using-apt-cacher-ng-on-ubuntu-20-04","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/install-and-configure-apt-caching-server-using-apt-cacher-ng-on-ubuntu-20-04\/","title":{"rendered":"Install and Configure APT-Caching Server Using Apt-Cacher NG on Ubuntu 20.04"},"content":{"rendered":"\n<p>Welcome to our guide on how to install and configure apt-caching server using Apt-Cacher NG on Ubuntu 20.04 server. <a rel=\"noreferrer noopener\" href=\"https:\/\/www.unix-ag.uni-kl.de\/~bloch\/acng\/\" target=\"_blank\">Apt-Cacher NG<\/a>&nbsp;is special caching proxy for Debian based distributions that creates a local cache of Debian-based mirrors as well as other Linux distributions. This means that whenever a package is pulled from the official repositories, an APT cache server caches them such that if any other local machine would want to install the same package, it just pulls it from the local caching server. This helps eliminates the bottlenecks of slow internet connections.<\/p>\n\n\n\n<p>Apt-Cacher NG has been designed from scratch as a replacement for apt-cacher, but with a focus on maximizing throughput with low system resource requirements. It can also be used as replacement for apt-proxy and approx with no need to modify clients&#8217; sources.list files.<\/p>\n\n\n\n<p>Some of the features of&nbsp;Apt-Cacher NG&nbsp;include;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>It is lightweight and can run on systems with low memory and processing power<\/li>\n\n\n\n<li>It supports internal threading thus avoids process forking, kludges for pseudo-thread synchronization nor rely on special file system features for internal operations<\/li>\n\n\n\n<li>Supports HTTP pipelining and thus reduction of resource overhead and minimization of possible points of failure<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Setup APT-Caching Server Using Apt-Cacher NG on Ubuntu 20.04<\/h2>\n\n\n\n<p>Run system package cache update.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>apt update<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"install-apt-cacher-ng-ubuntu-20.04\"><a href=\"#install-apt-cacher-ng-ubuntu-20.04\">Installing&nbsp;Apt-Cacher NG on Ubuntu 20.04<\/a><\/h3>\n\n\n\n<p>Apt-Cacher NG&nbsp;is available on the default Ubuntu universe repositories by default;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>apt-cache policy apt-cacher-ng<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>apt-cacher-ng:\n  Installed: (none)\n  Candidate: 3.3.1-2build1\n  Version table:\n     3.3.1-2build1 500\n        500 http:\/\/ke.archive.ubuntu.com\/ubuntu focal\/universe amd64 Packages<\/code><\/pre>\n\n\n\n<p>You can therefore install it using the package manager by running the command below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>apt install apt-cacher-ng<\/code><\/pre>\n\n\n\n<p>During the installation, the installer will prompt you whether to allow HTTP tunnels through Apt-Cacher NG. This feature is usually disabled by default. Hence, select <strong>No<\/strong> to keep it disabled.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Running Apt-Cacher NG Service on Ubuntu 20.04<\/h3>\n\n\n\n<p>An Apt-cacher-ng systemd service unit is created when the <code>apt-cacher-ng<\/code> package is installed. The service is started and enabled to run on system boot;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl is-enabled apt-cacher-ng<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>enabled<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl status apt-cacher-ng<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>\u25cf apt-cacher-ng.service - Apt-Cacher NG software download proxy\n     Loaded: loaded (\/lib\/systemd\/system\/apt-cacher-ng.service; enabled; vendor preset: enabled)\n     Active: active (running) since Wed 2020-09-09 17:48:46 UTC; 31min ago\n   Main PID: 2785 (apt-cacher-ng)\n      Tasks: 1 (limit: 2282)\n     Memory: 2.1M\n     CGroup: \/system.slice\/apt-cacher-ng.service\n             \u2514\u25002785 \/usr\/sbin\/apt-cacher-ng -c \/etc\/apt-cacher-ng ForeGround=1\n\nSep 09 17:48:45 ubuntu20 systemd&#91;1]: Starting Apt-Cacher NG software download proxy...\nSep 09 17:48:46 ubuntu20 systemd&#91;1]: Started Apt-Cacher NG software download proxy.<\/code><\/pre>\n\n\n\n<p>You can control the service as you would any systemd service.<\/p>\n\n\n\n<p>Apt-Cacher NG&nbsp;also listens on port <code><strong>3142\/TCP<\/strong><\/code> by default.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>ss -altnp | grep apt<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>LISTEN    0         250                0.0.0.0:3142             0.0.0.0:*        users:((\"apt-cacher-ng\",pid=2785,fd=10))                                       \nLISTEN    0         250                   &#91;::]:3142                &#91;::]:*        users:((\"apt-cacher-ng\",pid=2785,fd=11))<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Open Apt-Cacher NG Server Port on Firewall<\/h4>\n\n\n\n<p>If UFW is enabled and running, you need to open Apt-Cacher NG server port on Firewall to allow remote connection.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>ufw allow 3142\/tcp<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"configuring-apt-cacher-ng-ubuntu-20.04\"><a href=\"#configuring-apt-cacher-ng-ubuntu-20.04\">Configuring&nbsp;Apt-Cacher NG Server on Ubuntu 20.04<\/a><\/h3>\n\n\n\n<p>Once the Apt-cache-ng is installed, proceed to configure it to serve its purpose. On the server running the Apt-Cacher-NG, the main configuration file <strong><code>\/etc\/apt-cacher-ng\/acng.conf<\/code><\/strong>. The file is highly commented and in most cases, <strong>it can just run well with the default configuration options<\/strong>.<\/p>\n\n\n\n<p>Basically, the following are the some of the parameters that are enabled by default in the&nbsp;Apt-Cacher NG configuration file.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>grep -vE \"^#|^$\" \/etc\/apt-cacher-ng\/acng.conf<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>CacheDir: \/var\/cache\/apt-cacher-ng\nLogDir: \/var\/log\/apt-cacher-ng\nSupportDir: \/usr\/lib\/apt-cacher-ng\nRemap-debrep: file:deb_mirror*.gz \/debian ; file:backends_debian # Debian Archives\nRemap-uburep: file:ubuntu_mirrors \/ubuntu ; file:backends_ubuntu # Ubuntu Archives\nRemap-cygwin: file:cygwin_mirrors \/cygwin # ; file:backends_cygwin # incomplete, please create this file or specify preferred mirrors here\nRemap-sfnet:  file:sfnet_mirrors # ; file:backends_sfnet # incomplete, please create this file or specify preferred mirrors here\nRemap-alxrep: file:archlx_mirrors \/archlinux # ; file:backend_archlx # Arch Linux\nRemap-fedora: file:fedora_mirrors # Fedora Linux\nRemap-epel:   file:epel_mirrors # Fedora EPEL\nRemap-slrep:  file:sl_mirrors # Scientific Linux\nRemap-gentoo: file:gentoo_mirrors.gz \/gentoo ; file:backends_gentoo # Gentoo Archives\nRemap-secdeb: security.debian.org ; security.debian.org deb.debian.org\/debian-security\nReportPage: acng-report.html\nExThreshold: 4\nLocalDirs: acng-doc \/usr\/share\/doc\/apt-cacher-ng<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Serving HTTPS Repositories with Apt-Cacher NG<\/h3>\n\n\n\n<p>By default, Apt-cacher NG do not server HTTPS repositories. To enable it to server HTTPs repos, &nbsp;you need to configure HTTPS connection tunneling through the Apt-Cacher proxy by uncommenting the line,&nbsp;<code><strong># PassThroughPattern: .* # this would allow CONNECT to everything<\/strong><\/code>&nbsp;in <code><strong>\/etc\/apt-cacher-ng\/acng.conf<\/strong><\/code> such that it looks like;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>vim \/etc\/apt-cacher-ng\/acng.conf<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>...\n# the server name with port and must be correctly formatted and terminated.\n# Examples:\n# PassThroughPattern: private-ppa\\.launchpad\\.net:443$\n<strong>PassThroughPattern: .*<\/strong> # this would allow CONNECT to everything<strong>\n<\/strong>#\n# Default: ^(bugs\\.debian\\.org|changelogs\\.ubuntu\\.com):443$\n# PassThroughPattern: ^(bugs\\.debian\\.org|changelogs\\.ubuntu\\.com):443$\n...<\/code><\/pre>\n\n\n\n<p>The downside for this is that the apt-cacher-ng will proxy&nbsp;but <strong>doesn&#8217;t  cache<\/strong>&nbsp;objects stored on SSL\/TLS repositories.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\">Restart Apt-Cacher NG Service<\/h5>\n\n\n\n<p>Everytime you make any configuration changes, you need to restart&nbsp;Apt-Cacher-NG&nbsp;in order for the changes to take effect by running the command;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl restart apt-cacher-ng<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"restrict-access-to-apt-cacher-ng\"><a href=\"#restrict-access-to-apt-cacher-ng\">Restrict Access to Apt-Cacher NG<\/a><\/h3>\n\n\n\n<p>As a security measure, you need to define hosts that are only allowed to download packages via the Apt-Cacher NG. Apt-Cache-ng supports Access Control Lists using TCP wrappers. Therefore, you can use the&nbsp;<code><strong>\/etc\/hosts.allow<\/strong><\/code>&nbsp;and&nbsp;<code><strong>\/etc\/hosts.deny<\/strong><\/code>&nbsp;files to whitelist or blacklist certain hosts respectively.<\/p>\n\n\n\n<p>For example;<\/p>\n\n\n\n<p>To allow host <code><strong>192.168.57.17<\/strong><\/code> and all hosts on the network 192.168.57.0\/24 to use Apt-Cacher NG server, put the following line in&nbsp;<code>\/etc\/hosts.allow<\/code><\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>apt-cacher-ng : 192.168.57.17 192.168.57.0\/24<\/code><\/pre>\n\n\n\n<p>To block all hosts on the network 192.168.43.0\/24 except the host 192.168.57.27;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>put the following line in&nbsp;<code>\/etc\/hosts.deny<\/code><\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>apt-cacher-ng : 192.168.57.0\/24<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>and the following line in the&nbsp;<code>\/etc\/hosts.allow<\/code><\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>apt-cacher-ng : 192.168.57.27<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Configure Client to use Apt-Cacher NG<\/h3>\n\n\n\n<p>Once you are done customizing your Apt-Cacher NG server configurations, you need to configure your clients so that they do package installation via the Apt-Cacher NG server.<\/p>\n\n\n\n<p>There are two ways in which clients can be configured to download packages through the Apt-Cacher.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"#caching-machine-http-proxy\">Specifying the caching machine as HTTP Proxy for the client<\/a><\/li>\n\n\n\n<li><a href=\"#replace-sources.list\">Replacing all mirror hostnames with Caching host in sources.list<\/a><\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"caching-machine-http-proxy\">Specifying the caching machine as HTTP Proxy for the client<\/h4>\n\n\n\n<p>In this method, you need to create the proxy configuration file&nbsp;pointing to the Apt-Caching-NG server in<code>&nbsp;<strong>\/etc\/apt\/apt.conf.d<\/strong><\/code>&nbsp;as shown below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>echo 'Acquire::http::Proxy \"http:\/\/192.168.57.6:3142\";' &gt; \/etc\/apt\/apt.conf.d\/00aptproxy<\/code><\/pre>\n\n\n\n<p>Where&nbsp;<strong>192.168.57.6<\/strong>&nbsp;is your Apt-cacher-NG server IP address.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"replace-sources.list\">Replacing all mirror hostnames with Caching host in sources.list<\/h4>\n\n\n\n<p>In this case, you need to replace all mirror hostnames\/urls with the Apt-cacher-NG server IP address in <code><strong>\/etc\/apt\/sources.list<\/strong><\/code>. For example a mirror like<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code><code>deb http:\/\/us.archive.ubuntu.com\/ubuntu\/ focal universe<\/code><\/code><\/pre>\n\n\n\n<p>Would be formatted like;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code><code>deb http:\/\/192.168.57.6:3142\/us.archive.ubuntu.com\/ubuntu\/ focal universe<\/code><\/code><\/pre>\n\n\n\n<p>The first method is more convenient as compared to the second method.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Verify the use of Apt-Cacher NG Server<\/h4>\n\n\n\n<p>To verify the use of Apt-Cacher NG server, on your Debian\/Ubuntu, run a command to update and upgrade the packages.<\/p>\n\n\n\n<p>Before that, on the Apt-Cacher NG server, tail the logs;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>tail -f \/var\/log\/apt-cacher-ng\/apt-cacher.log<\/code><\/pre>\n\n\n\n<p>Then on the client, run system update. <\/p>\n\n\n\n<pre id=\"block-919c7c6a-6e18-4b68-a4ed-9798c5fb326e\" class=\"wp-block-preformatted\">apt update<\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>apt upgrade<\/code><\/pre>\n\n\n\n<p>On the server, you should be able to see the clients connection thr the Apt-Cacher NG on the apt-cacher.log file.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>...\n1599680058|O|218|192.168.57.8|uburep\/dists\/focal\/InRelease\n1599680058|O|226|192.168.57.8|uburep\/dists\/focal-updates\/InRelease\n1599680058|O|228|192.168.57.8|uburep\/dists\/focal-backports\/InRelease\n1599680058|O|227|192.168.57.8|uburep\/dists\/focal-security\/InRelease\n1599680216|O|218|192.168.57.8|uburep\/dists\/focal\/InRelease\n1599680216|O|226|192.168.57.8|uburep\/dists\/focal-updates\/InRelease\n1599680217|O|228|192.168.57.8|uburep\/dists\/focal-backports\/InRelease\n1599680217|O|227|192.168.57.8|uburep\/dists\/focal-security\/InRelease\n1599680226|I|2927|192.168.57.8|uburep\/pool\/main\/u\/ubuntu-meta\/ubuntu-server_1.450.2_amd64.deb\n1599680226|O|3011|192.168.57.8|uburep\/pool\/main\/u\/ubuntu-meta\/ubuntu-server_1.450.2_amd64.deb\n1599680226|I|60913|192.168.57.8|uburep\/pool\/main\/b\/base-files\/base-files_11ubuntu5.2_amd64.deb\n...<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Apt-Cacher NG Command and Control Page<\/h3>\n\n\n\n<p>Apt-Cacher NG comes installed with a web server that enables it to proxy the HTTP package downloads.<\/p>\n\n\n\n<p>The web server can also be used to perform other tasks administrative tasks such as reporting. For example, you can access the Apt-Cacher NG report by navigating to <code><strong>http:\/\/&lt;apt-cacher-ng-server-IP&gt;:3142\/acng-report.html<\/strong><\/code>.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"985\" height=\"769\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/09\/apt-cacher-ng-report.png\" alt=\"Install and Configure APT-Caching Server Using Apt-Cacher NG on Ubuntu 20.04\" class=\"wp-image-6900\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/09\/apt-cacher-ng-report.png?v=1599681158 985w, https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/09\/apt-cacher-ng-report-768x600.png?v=1599681158 768w\" sizes=\"(max-width: 985px) 100vw, 985px\" \/><\/figure><\/div>\n\n\n<p>To save on storage, you may want to clean cache from time to time. Apt-Cacher NG, installs a cron job along with itself that is run daily to clear the stale files from the cache;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>\/etc\/cron.daily\/apt-cacher-ng<\/code><\/pre>\n\n\n\n<p>You can as well be able to do this from the reporting page. Click on&nbsp;<strong>Start Scan and\/or Expiration<\/strong>.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"985\" height=\"491\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/09\/apt-cacher-ng-cache.png\" alt=\"\" class=\"wp-image-6908\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/09\/apt-cacher-ng-cache.png?v=1599714465 985w, https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/09\/apt-cacher-ng-cache-768x383.png?v=1599714465 768w\" sizes=\"(max-width: 985px) 100vw, 985px\" \/><\/figure><\/div>\n\n\n<p>Reference\/Further Reading<\/p>\n\n\n\n<p><a rel=\"noreferrer noopener\" href=\"https:\/\/www.unix-ag.uni-kl.de\/~bloch\/acng\/\" target=\"_blank\">Apt-Cacher NG<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/help.ubuntu.com\/community\/Apt-Cacher-Server\" target=\"_blank\" rel=\"noreferrer noopener\">Apt-Cache server Ubuntu<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Other Tutorials<\/h3>\n\n\n\n<p><a rel=\"noreferrer noopener\" href=\"https:\/\/kifarunix.com\/install-and-configure-aide-on-ubuntu-20-04\/\" target=\"_blank\">Install and Configure AIDE on Ubuntu 20.04<\/a><\/p>\n\n\n\n<p><a rel=\"noreferrer noopener\" href=\"https:\/\/kifarunix.com\/install-and-setup-netdata-on-ubuntu-20-04-18-04\/\" target=\"_blank\">Install and Setup NetData on Ubuntu 20.04\/18.04<\/a><\/p>\n\n\n\n<p><a rel=\"noreferrer noopener\" href=\"https:\/\/kifarunix.com\/install-and-setup-lynis-security-auditing-tool-on-ubuntu-20-04\/\" target=\"_blank\">Install and Setup Lynis Security Auditing tool on Ubuntu 20.04<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-and-setup-passbolt-password-manager-on-ubuntu-20-04\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install and Setup Passbolt Password Manager on Ubuntu 20.04<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Welcome to our guide on how to install and configure apt-caching server using Apt-Cacher NG on Ubuntu 20.04 server. Apt-Cacher NG&nbsp;is special caching proxy for<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[121],"tags":[1972,1976,1977,1975,1200],"class_list":["post-6873","post","type-post","status-publish","format-standard","hentry","category-howtos","tag-apt-cacher-ng","tag-apt-cacher-ng-ubuntu-20-04","tag-configure-apt-cacher-server-ubuntu-20-04","tag-install-apt-cacher-ng-ubuntu-20-04","tag-ubuntu-20-04","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/6873"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=6873"}],"version-history":[{"count":7,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/6873\/revisions"}],"predecessor-version":[{"id":21517,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/6873\/revisions\/21517"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=6873"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=6873"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=6873"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}